Subj : Game over hackers are using a spoofed version of Minesweeper to
To   : All
From : TechnologyDaily
Date : Mon May 27 2024 16:30:05

Game over: hackers are using a spoofed version of Minesweeper to snare victims

Date: Mon, 27 May 2024 15:24:04 +0000

Description: A copy of Minesweeper carrying remote access software has been spotted in phishing emails.

FULL STORY
======================================================================

Russian hackers are targeting financial institutions in Europe and the United States with a nostalgia-laden gaming lure.

Two security agencies in Ukraine, CSIRT-NBU and CERT-UA, have warned of a new phishing campaign conducted by a threat actor they track as UAC-0188. This group is also known as FRwL, which is most likely an abbreviation of From Russia with Love, a 1963 James Bond film.

The group is sending phishing emails from support@patient-docs-mail.com, pretending to be a medical center. The emails come with the subject line "Personal Web Archive of Medical Documents" and carry a 33 MB attachment: a .SCR file hosted on Dropbox containing code from a Python clone of the famous Minesweeper Windows game. However, the clone also downloads additional scripts from a remote source which, after a few more steps, end up installing SuperOps RMM.

Abusing SuperOps RMM

SuperOps RMM, short for Remote Monitoring and Management, is a software platform designed to assist managed service providers (MSPs) and IT professionals in managing and monitoring client IT infrastructure remotely. It integrates various tools and functionalities to streamline IT operations, enhance security, and improve efficiency. The tool is legitimate but often abused, similar to what happened to Cobalt Strike.

SuperOps RMM grants the attackers remote access to the compromised systems, which they can then use to deploy more serious malware or infostealers, grabbing login credentials, sensitive data, banking information, and more.

IT admins should monitor their network for the presence of SuperOps RMM and, if they don't normally use the software (or know it should not be installed at all), treat its presence as a sign of compromise. There was no word on who the usual targets are, or how many organizations the group managed to compromise.

Via BleepingComputer

More from TechRadar Pro
- Microsoft SQL servers hijacked to deliver Cobalt Strike and ransomware
- Here's a list of the best firewalls today
- These are the best endpoint protection tools right now

======================================================================
Link to news story:
https://www.techradar.com/pro/security/game-over-hackers-are-using-a-spoofed-version-of-minesweeper-to-snare-victims

--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)
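The story's one piece of defensive advice is to treat an RMM product that your organization does not normally use as a sign of compromise. The script below turns that into a repeatable check: it reads a software inventory (one host and one installed product per line), picks out known remote-management products, and reports any host that is not on an explicit allow list for that product. This is an added example, not code from the article, TechRadar, CERT-UA or CSIRT-NBU; the inventory lines are constructed sample data, and the list of RMM products and the approved-host mapping are assumptions to be replaced with your own.

```python
"""Flag hosts where a remote-management (RMM) product is installed but the
host is not approved to run it.

Added example for the detection advice in the story above; not code from
the article or any of the organizations it names.  The inventory below is
constructed sample data, and RMM_PRODUCTS / APPROVED are assumptions."""

# Constructed inventory: "hostname<TAB>installed product", one entry per line.
SAMPLE_INVENTORY = (
    "FIN-WS-017\tMicrosoft Office\n"
    "FIN-WS-017\tSuperOps RMM\n"
    "HELPDESK-01\tSuperOps RMM\n"
    "FIN-WS-022\tAnyDesk\n"
    "FIN-WS-022\tMinesweeper\n"
)

# Products treated as remote-management tooling (assumption; tune per site).
RMM_PRODUCTS = {"superops rmm", "anydesk", "teamviewer", "connectwise control"}

# Assumption: only the help-desk host is allowed to run SuperOps RMM.
# Any RMM product missing from this map is never expected anywhere.
APPROVED = {"superops rmm": {"HELPDESK-01"}}


def parse_inventory(text):
    """Return a list of (host, product) tuples from tab-separated lines,
    skipping blank lines and lines without a tab."""
    rows = []
    for line in text.splitlines():
        if "\t" not in line:
            continue
        host, _, product = line.partition("\t")
        host, product = host.strip(), product.strip()
        if host and product:
            rows.append((host, product))
    return rows


def find_unexpected_rmm(inventory, approved, rmm_products=RMM_PRODUCTS):
    """Return {host: [products]} for every RMM product found on a host that
    is not in that product's approved set.  Matching is case-insensitive."""
    hits = {}
    for host, product in inventory:
        key = product.lower()
        if key not in rmm_products:
            continue  # ordinary software, not remote-management tooling
        if host in approved.get(key, set()):
            continue  # this host is allowed to run this product
        hits.setdefault(host, []).append(product)
    return hits


if __name__ == "__main__":
    rows = parse_inventory(SAMPLE_INVENTORY)
    for host, products in sorted(find_unexpected_rmm(rows, APPROVED).items()):
        print(f"{host}: unexpected RMM tooling {products}")
```

Run against the sample data it reports FIN-WS-017 (SuperOps RMM on a finance workstation) and FIN-WS-022 (AnyDesk, which has no approved hosts at all), while HELPDESK-01 is silent because it is on the allow list. Feeding it a real inventory export from your endpoint-management tool in the same two-column shape is the only change needed to use it in practice.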